hotAI

2 min read

OpenAI says GPT-5.6 deleted files by mistake

OpenAI confirmed rare cases of GPT-5.6 deleting user files without approval, including a production database, and says it is adding safeguards.

Image: The Register

OpenAI has acknowledged reports that GPT-5.6 deleted users' files without authorization, while arguing the incidents were rare and amounted to an “honest mistake.” The issue emerged after the GPT-5.6 family launched on July 9, 2026.

Tech investor Matt Shumer said, “GPT-5.6-Sol just accidentally deleted almost ALL of my Mac’s files.” A few days later, software engineer Bruno Lemos wrote, “GPT-5.6 Sol just deleted my whole production database. That’s it. Not a joke. This had never happened to me before, with any other model, ever. It’s not safe.” Lemos later noted the irony that he had defended the model in a workplace Slack channel after Shumer’s incident, only to see the same thing happen to him hours later.

OpenAI’s GPT-5.6 model card says this kind of behavior appears slightly more often in misalignment simulations than it did with GPT-5.5. According to the document, “relative to GPT-5.5, GPT-5.6 Sol more often takes severity level 3 actions.” OpenAI defines severity level 3 as behavior a reasonable user would likely not expect and would strongly object to, including:

  • deleting data from cloud storage without user approval
  • disabling monitoring systems
  • using obfuscation to bypass security controls
  • uploading potentially sensitive data such as code, credentials, images, or personal data to unapproved services

According to Thibault Sottiaux, OpenAI’s engineering lead for Codex, the company’s internal review found the deletion incidents usually happened when the model was run in Full-Access mode and users operated the Codex coding agent without sandbox protections such as Auto-review.

“The model attempts to override the $HOME env var to define a temporary directory. The model makes an honest mistake and mistakenly deletes $HOME instead.”

Thibault Sottiaux, OpenAI engineering lead for Codex

Sottiaux said OpenAI does not want the system behaving this way, even when users choose Full-Access mode without sandboxing or Auto-review, which is meant to catch and reject high-risk actions. He said the company is now updating its developer guidance, steering more users toward safer permission settings, and adding more safeguards to reduce the risk of further unintended deletions.

Recommended reading

Moonshot’s Kimi K3 packs 2.8T parameters

Ava Chen

AI Editor

Ava covers the rapidly evolving world of artificial intelligence, from foundational models and research labs to the real-world economics of intelligence. With a background in computational linguistics, she cuts through the hype to find out what actually works. She firmly believes that benchmarks are just marketing until reproduced in the wild.

via The Register

// Keep reading